//package cn.itcast.wanxinp2p.gateway.config;
//
//import lombok.AllArgsConstructor;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.http.codec.ServerCodecConfigurer;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
//import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
//import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
//import org.springframework.security.oauth2.provider.token.TokenStore;
//import org.springframework.security.web.AuthenticationEntryPoint;
//
//import javax.annotation.Resource;
//
//@Configuration
//@AllArgsConstructor
////@EnableWebFluxSecurity
//public class ResouceServerConfig {
//
//    public static final String RESOURCE_ID = "wanxin-resource";
//
//@Resource
//    RestOAuth2AuthExceptionEntryPoint point;
//@Resource
//    RestAccessDeniedHandler handler;
//        @Bean
//    public ServerCodecConfigurer serverCodecConfigurer() {
//        return ServerCodecConfigurer.create();
//    }
//
//
//    /**
//     * 统一认证中心 资源拦截
//     */
//    @Configuration
//    @EnableResourceServer
////    @EnableWebFluxSecurity
////    @EnableWebSecurity
////    @EnableWebMvc
//    public class UAAServerConfig extends
//            ResourceServerConfigurerAdapter {
//
//        @Autowired
//        private TokenStore tokenStore;
//
//        @Override
//        public void configure(ResourceServerSecurityConfigurer resources)
//                throws Exception {
//            resources.tokenStore(tokenStore).resourceId(RESOURCE_ID)
//                    .stateless(true);
//        }
//
//        @Override
//        public void configure(HttpSecurity http) throws Exception {
//
//            http.sessionManagement()
//                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
//                    .and()
//                    .authorizeRequests()
//                    .antMatchers("/uaa/druid/**").denyAll()
//                    .antMatchers("/uaa/**").permitAll();
//        }
//
//    }
//
//
//    /**
//     * c端用户服务 资源拦截
//     */
//    @Configuration
//    @EnableResourceServer
//    public class ConsumerServerConfig extends
//            ResourceServerConfigurerAdapter {
//
//        @Autowired
//        private TokenStore tokenStore;
//
//        @Override
//        public void configure(ResourceServerSecurityConfigurer resources)
//                throws Exception {
//            resources.tokenStore(tokenStore).resourceId(RESOURCE_ID)
//                    .stateless(true);
////               resources.accessDeniedHandler((AccessDeniedHandler) handler);
//            resources.authenticationEntryPoint((AuthenticationEntryPoint) point).accessDeniedHandler((AccessDeniedHandler) handler);
//        }
//
//        @Override
//        public void configure(HttpSecurity http) throws Exception {
//
//            http.sessionManagement()
//                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
//                    .and()
//                    .authorizeRequests()
//                    .antMatchers("/consumer/l/**").denyAll()
//                    .antMatchers("/consumer/my/**").access("#oauth2.hasScope('read') and #oauth2.clientHasRole('ROLE_CONSUMER')")
//                    .antMatchers("/consumer/m/**").access("#oauth2.hasScope('read') and #oauth2.clientHasRole('ROLE_ADMIN')")
//                    .antMatchers("/consumer/**").permitAll();
//
//        }
//
//    }
//
//
//}
